As expected, there are six bulletins and associated patches this month. The updates affect Windows and Internet Explorer. Two are rated Critical. A total of 29 CVEs (Common Vulnerabilities and Exposures) are addressed. The MSRC post for this month’s updates has additional information.
Category Archives: Windows
Java no longer supported on Windows XP
As of April 8, 2014, Oracle is no longer supporting the use of Java on Windows XP. Java 7 can still be installed on Windows XP, and Java 7 updates installed on Windows XP will probably work as expected, but Oracle says you’re on your own if bad things happen. Java 8 will refuse to install on Windows XP.
Recommendation: if you still have computers running Windows XP, stop using Java on those computers.
Update 2014Jul18: Oracle recently posted a clarification, saying that Java issues affecting only Windows XP will not be addressed with updates. Java issues affecting Windows XP as well as other versions of Windows will get updates, and those updates will work as expected on Windows XP.
Edit 2014Jul18: fixed two typos in the first paragraph.
Advance notification for July Microsoft updates
This month’s updates will become available around 10am PST on July 8. There are expected to be six bulletins, with associated updates affecting Windows and Internet Explorer. Two are tagged as Critical.
The official advance notification bulletin has all the technical details, while as usual there’s a less technical summary over on the MSRC blog.
Windows 8 growth rate flatlines; XP still going strong
Despite its initial growth spurt, it looks like people are staying away from Windows 8.x in droves. The latest stats show little to no change in the number of Windows 8.x installs in the last month. Windows XP’s recent slide, no doubt due to the end of its support, has also leveled out. As things stand, Windows XP use is roughly double that of Windows 8.x.
Microsoft may have have thrown in the towel on Windows 8.x. They recently announced that the Start menu won’t reappear in Windows 8.x, but will be included in Windows 9, which is giving those of us who advised against switching to Windows 8 an excuse to say ‘I told you so.’
Windows 8.x unlikely to see return of Start menu after all
Despite earlier indications that Microsoft would finally return the Start menu to Windows 8.x, it now looks like that may not ever happen.
Microsoft is now saying that the next update for Windows 8.1 (likely to be called ‘Update 2’) will not bring back the Start menu, and will only include small user interface adjustments.
Instead, Microsoft will wait for Windows 9 to bring back the Start menu. With Windows 9, Microsoft will apparently do what they should have done with Windows 8, making the touch-centric ‘Metro’ user interface optional, defaulting to a regular desktop on keyboard/mouse PCs and to the touch interface on touch devices.
Internet Explorer security beefed up
One of the updates made available by Microsoft for June’s Patch Tuesday makes Internet Explorer much more resistant to attacks based on a particular form of security flaw known as ‘use after free‘.
Ars Technica has additional details.
Vulnerability in Microsoft Malware Protection Engine
A serious vulnerability in the software at the core of Microsoft’s anti-malware solutions (Microsoft Malware Protection Engine) could open the door for DDoS attacks.
An attacker could create a special file, which – when scanned by affected software – would make the anti-malware software ineffective against any and all malware. A new patch from Microsoft fixes the vulnerability.
Software that uses the Malware Protection Engine is typically configured to update itself automatically. That includes Microsoft Security Essentials, a free Windows-based anti-malware solution.
If you are using MSSE, you can determine whether the patch has been installed by opening MSSE, clicking the small arrow next to ‘Help’, then clicking ‘About’. You should see a line like this:
Engine Version: 1.1.10701.0
If your Engine Version is 1.1.10701.0 or higher, then the patch has been installed and you are protected against this vulnerability. If the version is 1.1.10600.0 or lower, go to the Update tab and click the Update button.
Microsoft Security Advisory 2974294 provides additional details.
Required update for Internet Explorer 11
Microsoft is apparently trying to reduce the amount of work they face when creating software updates.
The latest wrinkle is that anyone running Internet Explorer 11 on Windows 7 must install update KB2929437 in order to continue receiving updates for Internet Explorer.
In other words, if you fail to install KB2929437, you will stop seeing updates (including critical security updates) for Internet Explorer in Windows Update and Autoupdate.
Microsoft Patch Tuesday for June 2014
This month there are seven bulletins, with related patches affecting Internet Explorer, Windows and Office. A total of sixty-six security vulnerabilities are fixed with these updates.
Note that Microsoft is recommending upgrading to the latest version of Internet Explorer. IE 11 contains security features not found in previous versions and is therefore somewhat more secure than those older versions. Anyone still using Internet Explorer would do well to follow this advice.
Note also that this is the last set of updates that will be available for Windows 8.1 installations without Update 1. In other words, if you’ve held off on installing Update 1, you won’t get any updates next month or after that.
Related links
Microsoft: advance notification for June updates
This month there will be seven bulletins and associated updates for Windows, Office and Internet Explorer. Two are rated Critical.
One of the updates will fix the recently-discovered vulnerability in Internet Explorer 8.
The official advance warning bulletin has all the technical details.